CVSS: 4.3EPSS: 0%CPEs: 1EXPL: 0CVE-2023-39286
https://notcve.org/view.php?id=CVE-2023-39286
A vulnerability in the Connect Mobility Router component of Mitel MiVoice Connect through 9.6.2304.102 could allow an unauthenticated attacker to perform a Cross Site Request Forgery (CSRF) attack due to insufficient request validation. A successful exploit could allow an attacker to provide a modified URL, potentially enabling them to modify system configuration settings. Una vulnerabilidad en el componente Connect Mobility Router de Mitel MiVoice Connect hasta 9.6.2304.102 podría permitir que un atacante no autenticado realice un ataque de Cross Site Request Forgery (CSRF) debido a una validación de la solicitud insuficiente. Un exploit exitoso podría permitir a un atacante proporcionar una URL modificada, lo que potencialmente le permitiría modificar la configuración del sistema. • https://www.mitel.com/support/security-advisories/mitel-product-security-advisory-23-0015 • CWE-352: Cross-Site Request Forgery (CSRF) •